By Guest Blogger: Eric Abbott is a technology executive with a deep understanding of healthcare IT and telecommunications infrastructure. With over 20 years of experience, Mr. Abbott is responsible for leading product management initiatives at ExteNet Systems. Prior to joining ExteNet Systems, Mr. Abbott served as a Senior Product Manager for Motorola, Inc. There, he led the development of advanced applications and communication systems for healthcare, public safety agencies, and enterprise customers. His background also includes medical informatics, healthcare IT, business strategy, operations, and systems engineering.
Identity management (IM) is an increasingly important consideration for leading healthcare organizations (HCOs). In broad terms, IM is defined as the process and means by which people and things are authorized, authenticated, and accounted for during interactions between disparate systems. For example, IM may refer to either the process by which a user supplies credentials to gain access to a system or the user's password and/or another unique identifier (in the case of two-factor authentication). In this way, the identity of the person or the object is firmly established so that system integrity (i.e., the security, privacy, or other requirement) is assured.
Traditionally, HCOs have viewed IM as a means to manage IT and telecommunications assets. For example, IM may be used to ensure compliance with HIPAA standards (privacy and security), to enforce enterprise policies and practices, and to provide authorized users with local and/or remote access to enterprise systems such as clinical databases.
The changing healthcare landscape, coupled with the burgeoning proliferation of machine-to-machine (M2M) medical devices, is forcing HCOs to re-examine their approach to IM. Drivers may be classified into three general categories. The first are structural changes. These include the availability of low-cost M2M medical devices, pervasive broadband wireless networks, and data standards that facilitate interoperability with cloud-based services, such as the iDigi Cloud, thus creating a rich and diverse medical informatics ecosystem. In the aforementioned scenario, the iDigi Device Cloud promotes transparent and seamless exchange of data and information to create true knowledge sharing anytime, anywhere. Thus, a Digi M2M pulse oximeter worn by a patient is able to interface with a variety of disparate communication systems, improving a monitored patient's mobility, thereby promoting increased quality of life.
The second are organizational changes. These include accountable care organization (ACO) metrics arising from legislative reforms. ACOs benefit from M2M data transactions by having real-time, contextual data to demonstrate, for example, improved quality of care.
The last are cultural changes as illustrated by the concept of personalized medicine, which reflects changing supply side and demand side psycho-demographic acceptance of M2M, smartphones, tablets, and other electronic means that are used for the delivery of healthcare services.
The following five key IM considerations are critical to HCOs considering changes to their enterprise architectures in order to leverage new data and M2M paradigms.
1. Identity authentication is paramount.
It can’t be assumed that a given M2M module assigned to an individual or system always remains a valid and true association. M2M modules can be lost, stolen, or replicated by well-intentioned or malicious entities. As with smartphones (i.e., Bring Your Own Device or BYOD), the identity of the M2M module must be continually validated using advanced security technologies incorporated into IM systems.
2. Reporting and monitoring.
Chronic disease management and wellness are two of the most applications of M2M in healthcare. IM of M2M modules must be able to transcend multiple wireless technologies and provide highly-available and robust communications back to the HCO for both healthcare data reporting and monitoring of M2M system health.
3. Role- and attribute-based management.
Rich IM of M2M must include contextual factors such as the user, available resources, location, and time to provide operational management efficiencies that are harmonized with enterprise policies and security best practices. For example, M2M data may be off-loaded to Wi-Fi networks rather than cellular-based systems, when and as appropriate, based on the factors above.
Multiple M2M modules may be assigned to systems and/or a person. Extensible IM provisioning rules are critical to ensuring both management and maintenance of M2M devices across the ecosystem. This should apply whether a patient is local or remote.
5. Remediation and control.
IM must be able to make real-time and near real-time control changes to M2M modules when vulnerabilities and anomalies are detected, including threats (i.e., cyber-attacks) and/or functional failure of the M2M module. Thus, in the iDigi taxonomy, the operational efficiency and integrity of an iDigi M2M module is constantly assured, promoting high levels of reliability and availability, while minimizing operational risks arising, for example, from cyber threats.